UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system boot loader must require authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38585 RHEL-06-000068 SV-50386r3_rule Medium
Description
Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2017-04-28

Details

Check Text ( None )
None
Fix Text (F-43533r2_fix)
The grub boot loader should have password protection enabled to protect boot-time settings. To do so, select a password and then generate a hash from it by running the following command:

# grub-crypt --sha-512

When prompted to enter a password, insert the following line into "/boot/grub/grub.conf" immediately after the header comments. (Use the output from "grub-crypt" as the value of [password-hash]):

password --encrypted [password-hash]